The Cinderella of Crime: How Fraud became a matter of national security

In a guest blog from Lindsay Whyte of Constella Intelligence we consider the rise of fraud across all sectors.

Posted 21 April 2021 by Matt Stanley

Fraud is no longer an isolated incident with an isolated response. 

There were damning conclusions about the state of fraud posture – in both the private and public sector –  contained in the Royal United Services Institute (RUSI)’s recent report. 

Within the pages of ‘The Silent Threat: The Impact of Fraud on UK National Security’, the RUSI describes how – because fraud is considered “everyone’s problem but no-one’s priority” – it has grown up without a very clear definition, or response. 

There’s a knowledge gap on how we collectively map crime and account for poly-criminality (where people move from one crime to another).

No longer can fraud be consigned politically to the kid’s table. Fraud isn’t just a pesky distraction for payment services and bank security teams. It’s a matter of national security.

The report states:

…the largely reactive nature of the fraud response has resulted in a limited understanding of the organised fraud threat and in turn a lack of operational prioritisation of fraud within SOC [Serious Organised Crime] resourcing, leading some respondents to label fraud the ‘Cinderella of crime’.

Whether you like it or not organised crime must be factored into fraud. Which means it demands a strategic response, integrated into business-as-usual processes globally. It’s not simply a tactical sprint. Fraud cannot be defined as a one-off PR nightmare and isolated loss of funds.

Hiding in plain sight

All the changes across operational, financial and managerial processes when companies grow leaves inconsistencies that render fraud as indistinguishable from normal business

Add to this high growth and aggressive post-COVID land grabs and things will fall through the cracks.

Businesses serve global, not local, customers today. Foreign laws and acquisitions multiply fraud risk before we even turn to digitalisation. Just when customer loyalty (and let’s not forget barriers to entry) across all industries are at their lowest, too

The grey markets of social media (and peer-to-peer driven validation procedures) begin overlapping the Dark Web, meaning fraud is hiding in plain sight. 

The links between excise and property fraud, money laundering, organised crime and terrorism were explored in EUROPOL’s recent SOCTA assessment 2021. The same report illustrated the sophistication of criminals. Like paying large amounts of money to property and excise victims initially to win trust before defrauding them – as a mainstay. 

This grey line between legitimate and illegitimate extends beyond our traditional definition of fraud, yet again.

Counter fraud (& happy sideffects)

Finding the root cause of fraud is not about ‘hacking back’. Legislation like The Online Harms Bill now adds a compliance dimension meaning businesses can be fined for having impersonators or fraudsters interacting with them or their customers.

Offensive counter-fraud is about proactively – meaningfully – leaving no stone unturned to identify where an attack, impersonation, leak has happened before anyone else does and then been able to control the narrative.

This gives the gift of time and planning to mitigate the fallout – financially, reputational and strategically. 

It’s no surprise that adjusting your perimeter wall to consume how the outside world mentions, tweets, gossips, trades and steals data relating to your businesses has that result. 

A technicolour approach to data

In a speech to accountants this year, Graeme Biggar, Director General at the National Economic Crime Centre with the UK’s National Crime Agency, said that “There is an enormous amount of data out there and if we use it intelligently then we can make a really big difference. If we could also begin to merge this with bank transaction data – as banks are getting much more sophisticated in their transaction monitoring – we will be better able to spot individual frauds or money muling.”

Looking intelligently at how we fuse internal datasets (like transactions) with external datasets (in the public domain) is critical for businesses and governments alike. 

The difference between what lies inside and outside a business is increasingly hard to manage. Brick & mortar exterior walls are a thing of the past. Engagements across a brand’s reputation, advertising and security perimeters are now porous, remote and unchecked. 

This is what Constella Intelligence was formed to do. We monitor the entire digital risk spectrum to eliminate the impact and source of fraud for law enforcement & the private sector. 

This guest blog was written by Lindsay Whyte, Regional Director at Constella Intelligence, who have a Cybersecurity Directory listing with us, which you can find here.